CloudLinux OS Blog

HardenedPHP for EasyApache 4 updated

Updated HardenedPHP packages are available for download from our production repository.

Changelog:

ea-php71-7.1.7-1.cloudlinux.1

ea-php70-7.0.21-1.cloudlinux.1

ea-php56-5.6.31-1.cloudlinux.1

  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

ea-php55-5.5.38-22.cloudlinux.1

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug74087: Segmentation fault in PHP 7.1.1 (compiled using the bundled PCRE library);
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring;
  • updated Litespeed SAPI to 6.11.

ea-php54-5.4.45-38.cloudlinux.1

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74087: Segmentation fault in PHP 7.1.1 (compiled using the bundled PCRE library);
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring;
  • updated Litespeed SAPI to 6.11.

ea-php53-5.3.29-15.cloudlinux

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring;
  • updated Litespeed SAPI to 6.11.

ea-php52-5.2.17-15.cloudlinux

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring;
  • updated Litespeed SAPI to 6.11.

ea-php51-5.1.6-11.cloudlinux

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring;
  • updated Litespeed SAPI to 6.11.

To update run:

yum update 'ea-php*'
